From: Felipe Pena Date: Thu, 5 Mar 2009 16:24:41 +0000 (+0000) Subject: - Fixed bug #47572 (zval_update_constant_ex: Segmentation fault) X-Git-Tag: php-5.4.0alpha1~191^2~4196 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fadd1292680438ee31b175591359d68cbdfb5272;p=php - Fixed bug #47572 (zval_update_constant_ex: Segmentation fault) --- diff --git a/Zend/tests/bug47572.phpt b/Zend/tests/bug47572.phpt new file mode 100644 index 0000000000..695cc3a7f9 --- /dev/null +++ b/Zend/tests/bug47572.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #47572 (zval_update_constant_ex: Segmentation fault) +--FILE-- + "bar" + ); + +} + +$foo = new Foo(); + +?> +--EXPECTF-- +Notice: Use of undefined constant FOO - assumed 'FOO' in %s on line %d diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 0851aa1c20..bdf20bc8a3 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -655,10 +655,12 @@ ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *sco str_index.u = colon.u + 1; } else { if (str_index.u[str_index_len - 2] & IS_CONSTANT_UNQUALIFIED) { - actual = (UChar *)u_memrchr(str_index.u, '\\', str_index_len - 3) + 1; + if ((actual = (UChar *)u_memrchr(str_index.u, '\\', str_index_len - 3))) { + actual++; str_index_len -= (actual - str_index.u); str_index.u = actual; } + } if (str_index.u[0] == '\\') { ++str_index.u; --str_index_len; @@ -678,10 +680,12 @@ ZEND_API int zval_update_constant_ex(zval **pp, void *arg, zend_class_entry *sco str_index.s = colon.s + 1; } else { if (str_index.s[str_index_len - 2] & IS_CONSTANT_UNQUALIFIED) { - actual = (char *)zend_memrchr(str_index.s, '\\', str_index_len - 3) + 1; + if ((actual = (char *)zend_memrchr(str_index.s, '\\', str_index_len - 3))) { + actual++; str_index_len -= (actual - str_index.s); str_index.s = actual; } + } if (str_index.s[0] == '\\') { ++str_index.s; --str_index_len;